Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
Received-SPF: pass (athena.apache.org: local policy)
Message-ID: <4884EE89.7030604@ice-sa.com>
Date: Mon, 21 Jul 2008 22:16:09 +0200
From: =?ISO-8859-1?Q?Andr=E9_Warnier?= <aw@ice-sa.com>
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: users@httpd.apache.org
References: <b96f8b630807210258h5185e1bek1cb150645e93f8fb@mail.gmail.com>
In-Reply-To: <b96f8b630807210258h5185e1bek1cb150645e93f8fb@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Subject: Re: [users@httpd] ACL - access control lists

apache a wrote:
> does apache servers use ACLs to check conditions based on the incoming http
> request URL, even before the header is parsed?
> 
You have already asked that question, in different ways, several times.
And you have already received responses several times, all basically 
saying no.
Unless you describe what exactly you would like to achieve, nobody is 
going to be able to give you another answer.

Be logical :
Apache is basically an HTTP server, designed to handle HTTP requests.
It receives requests, which usually consist of a first line like this :
GET /something HTTP/x.x  OR
POST /something/else?a=b HTTP/x.x  OR
PUT /something/else/again.lst HTTP/x.x  OR
MKCOL /somedir HTTP/x.x
...

followed usually by several HTTP header lines.

The "GET", "POST" etc.. above stand for what you would like Apache to 
do, and the "/something" stands for "to what would you like Apache to do 
this".
Apache does not know, at first, that "/something" is a local file, or an 
alias for a local file, or a ci-bin script to execute, or a disk 
location where you want to put a file, or a "prox�" link to another 
system, or a million other things possible.
Before Apache knows if the "/something" corresponds or not to some file 
on the local filesystem, it has to take some steps.
For that, it usually needs the information from the HTTP headers, so it 
will read and parse them.
It is only after that, that it may know that "/something" is a local 
file "/var/www/xyz/docs/subdir/abcdef.txt", and that it may, maybe, 
check the ACLs of the local file before it sends it back.
And , for example, if Apache has to check an ACL in order to decide, 
does it also need to know who you are, and if you have the right to get 
that file ?  If yes, then that information usually comes in HTTP 
headers, which Apache will need to parse first.

If you do not want Apache to do that, then there exist some ways, but 
they are not simple, because you need to turn Apache from a HTTP server 
into a server for some other protocol.

Then the question becomes : is it worth doing that work with Apache, or 
should you be using something else ?

If your idea is to have a process that can accept simple requests for 
local files via TCP/IP, and send them back or not depending on some file 
ACL, then you can write your own TCP server.  There are many examples 
available , and Google will help.
Or check this book for example :
Network Programming with Perl - Lincoln D.Stein
Publisher : Addison-Wesley

Andr�

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org